What’s the Best IPS?

Intrusion protection systems (IPS) offer corporate networks a front-line defense against hacker attacks and malicious applications or operating systems (OS). As computer hacking, rootkits, keyloggers, and other malware become increasingly sophisticated, however, information technology (IT) professionals may struggle to identify the best IPS to deploy against information theft and fraud. That's where the independent testing organization NSS Labs claims it can help.

Recently, NSS Labs concluded its annual evaluation of leading Internet protection systems. Although more IPS vendors (11) agreed to participate in 2010 than in years past, a comparable number of companies (9) stayed home. "The vendors who had confidence in their products wanted to volunteer to participate," explains NSS Labs president Rick Moy. "At some point, it's a marketing decision whether you participate or not."

According to NSS Labs, McAfee's M-8000 and Cisco Systems' IPS 4260 Sensor are the best at stopping attacks against desktop applications, both in their default configurations and with tuning. In 2009, all of the tested IPS products stopped only 45% of the attacks, but in 2010 the average rose to 62%. Still, "there's a big difference between the default and the tuned for many vendors," Moy explains. The average variance is also significant when measured over several years, with tuned products ranging in effectiveness from 31% to 98%.

The cost of the NSS Labs report is $1,800 (USD), but the expense of a comprised corporate network can exceed that. How does your company evaluate the effectiveness of its Internet protection system (IPS)? Do you rely upon the research of independent testing organizations such as NSS Labs?

Source: PC World